[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070302054216.GX27137@outflux.net>
Date: Thu, 1 Mar 2007 21:42:16 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-428-2] Firefox regression
===========================================================
Ubuntu Security Notice USN-428-2 March 02, 2007
firefox regression
https://launchpad.net/bugs/88990
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
firefox 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2
libnspr4 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2
libnss3 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2
After a standard system upgrade you need to restart Firefox to effect
the necessary changes.
Details follow:
USN-428-1 fixed vulnerabilities in Firefox 1.5. However, changes to
library paths caused applications depending on libnss3 to fail to start
up. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Several flaws have been found that could be used to perform Cross-site
scripting attacks. A malicious web site could exploit these to modify
the contents or steal confidential data (such as passwords) from other
opened web pages. (CVE-2006-6077, CVE-2007-0780, CVE-2007-0800,
CVE-2007-0981, CVE-2007-0995, CVE-2007-0996)
The SSLv2 protocol support in the NSS library did not sufficiently
check the validity of public keys presented with a SSL certificate. A
malicious SSL web site using SSLv2 could potentially exploit this to
execute arbitrary code with the user's privileges. (CVE-2007-0008)
The SSLv2 protocol support in the NSS library did not sufficiently
verify the validity of client master keys presented in an SSL client
certificate. A remote attacker could exploit this to execute arbitrary
code in a server application that uses the NSS library.
(CVE-2007-0009)
Various flaws have been reported that could allow an attacker to
execute arbitrary code with user privileges by tricking the user into
opening a malicious web page. (CVE-2007-0775, CVE-2007-0776,
CVE-2007-0777, CVE-2007-1092)
Two web pages could collide in the disk cache with the result that
depending on order loaded the end of the longer document could be
appended to the shorter when the shorter one was reloaded from the
cache. It is possible a determined hacker could construct a targeted
attack to steal some sensitive data from a particular web page. The
potential victim would have to be already logged into the targeted
service (or be fooled into doing so) and then visit the malicious
site. (CVE-2007-0778)
David Eckel reported that browser UI elements--such as the host name
and security indicators--could be spoofed by using custom cursor
images and a specially crafted style sheet. (CVE-2007-0779)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2.diff.gz
Size/MD5: 177681 367677dfb9fcdea096afe508f510507a
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2.dsc
Size/MD5: 1120 e96bcad4e4a2fdff5e90047442a854e3
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10.orig.tar.gz
Size/MD5: 44679183 d55d439c238064ddcedb8fabb6089ff2
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_all.deb
Size/MD5: 50480 0a9654e29b1e7b315fe7bcde85fe0a82
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_all.deb
Size/MD5: 51368 f7d7e7df86459c24fa3184da5e723ca3
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_amd64.deb
Size/MD5: 47443244 3322fcd458dbfe789ae53e21b86df8be
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_amd64.deb
Size/MD5: 2804584 ee33eecb089c532d74c33e544cd5b520
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_amd64.deb
Size/MD5: 217432 4ecfe5ce1cd0d9164a2efbb99196f813
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_amd64.deb
Size/MD5: 83680 7b22ca5bf3a188e54c2f4d3270cbd0d3
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_amd64.deb
Size/MD5: 9439946 eb8e96f2526f59a96713b4d80653062c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_amd64.deb
Size/MD5: 220236 b0ce1880afb5c1ee300a1e5c6bbf897c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_amd64.deb
Size/MD5: 163584 9cce73f59d74b1a6921ef8004f02cda2
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_amd64.deb
Size/MD5: 245562 3681ed65b9380ece582bdcceb2379d8c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_amd64.deb
Size/MD5: 823220 54fd6d513754541a455041537876bad8
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_i386.deb
Size/MD5: 44006406 98c9c7360e6aaa7eea4ed2c41f273aae
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_i386.deb
Size/MD5: 2804456 b2ddd97204d33fdc5b29971e9aa41630
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_i386.deb
Size/MD5: 210834 6a1438cbef0a71363d360777bbd3214c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_i386.deb
Size/MD5: 76068 e757d313cda5de879e948b42006bcdeb
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_i386.deb
Size/MD5: 7948176 735483f66d8c09cdbed8833073456681
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_i386.deb
Size/MD5: 220242 baf029d97f703130e0089659614cd2c4
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_i386.deb
Size/MD5: 148142 7c80067d158d37c8df818fd0e3cb4a50
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_i386.deb
Size/MD5: 245558 ef61b1f010f5e30f9e3a2a33f5c3b091
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_i386.deb
Size/MD5: 714774 1065d82a9d13e98b060e8a60821aaa37
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_powerpc.deb
Size/MD5: 48834962 4b279b424dc69b2c92098565bc2f0e1e
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_powerpc.deb
Size/MD5: 2804560 51e13ae6b8e853b5a9a4f4a19e6a4c14
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_powerpc.deb
Size/MD5: 214292 1de8eb20071f34ffb73ea7bbb3b6b871
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_powerpc.deb
Size/MD5: 79184 16dccd3a9ba2ed7c296c45e3dff1ab23
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_powerpc.deb
Size/MD5: 9056418 341caadcba7c536c098e8681b7d7231e
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_powerpc.deb
Size/MD5: 220234 f714ff5289e79c24207280050a3b4789
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_powerpc.deb
Size/MD5: 160792 b22e2fb7cbd6a0f31cb88f6439377450
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_powerpc.deb
Size/MD5: 245554 03de410c16cd2c55d8e96f3ec85c1e5c
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_powerpc.deb
Size/MD5: 813842 480783e72a753672776826165d343f15
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_sparc.deb
Size/MD5: 45406734 13357d5f6bfaca2a9f7805e9d2374229
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_sparc.deb
Size/MD5: 2804586 82083b797e91c7169135ecd5b56b4a8e
http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_sparc.deb
Size/MD5: 211778 a97cf3939728dd25381a0d8dd01136c1
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_sparc.deb
Size/MD5: 77622 2a41ddbdecba4d40777039b393dcb449
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_sparc.deb
Size/MD5: 8445612 8029b90d13fa8d3f2042c0881afbe7d1
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_sparc.deb
Size/MD5: 220242 3af481ef99ecb57a525c7585390958ef
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_sparc.deb
Size/MD5: 150638 1383f7c03bf481b21d309ae32867969a
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_sparc.deb
Size/MD5: 245538 767e66d0dca9b83daab8bc64a8ba2cb8
http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.10-0ubuntu0.6.06.2_sparc.deb
Size/MD5: 725272 dc459aad615df84f3dab766757491c25
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists